Cyber Defense Analyst - C12 - CIUDAD DE MEXICO

The cyber defense analyst for Services within the Business, Functions and Technology (BFT) is responsible for maintaining a secure technology ecosystem free from high-risk vulnerabilities and rapidly respond to the changing threat landscape and business demand to mitigate cyber risk for the Services business.

Responsibilities:

• Vulnerability Operations

• Ensure business and technology remain within appetite for all applicable CSRAs and sustain it with the consistent operating model.

• Enhance current VTM and GEM operating model in line with BFT Risk Governance organization with Path-to-appetite and reporting.

• Timely escalate to  CISO LTs and Businesses and ensure VTM Risk Treatment responses are entered in a timely fashion

• Support VO Organization to improve the quality and integrity of VTM/GEM reports

• Continue supporting VTM and GEM Uplift Program activities and reduce risk while reducing stakeholders’ pain-points (data/reporting, false positives, processes).

• Perform root cause analysis of VA Issues and identification of repeated offenders for high risk vulnerabilities

• Security Incident Response

• Identify areas of repeating SIRT incidents, related trending and work with technology team and ISO contacts in reducing repeat volume instances.

• Identify opportunities for improving SIRT workflow efficiencies and developing reporting which better reports on root causes for bringing down repeat instance volumes

• Work with SIM and  ISO community to facilitate the adherence of SIRT reporting timelines as per defined within SIRT standard, as well as identify deviations and its cause (Project Dixson)

• Define and document escalation and response procedures between IR CFSC and Cyber Defense.

• Document/update a Cyber Response plan or guideline to complement Business or Country Crisis Management Plans and support Crisis Management Team training. 

Qualifications:

• 6-10 years of relevant experience
• Understanding of security frameworks, specifically the Cyber Risk Institute (CRI) Profile
• Proficient in interpreting and applying policies, standards, and procedures
• Extensive knowledge of information security specifically in application security as well as risk assessment methodologies, tools, and industry standards.
• Strong analytical, and problem-solving skills
• Excellent communication and interpersonal skills
• CRISC, CISA, CISM, CISSP preferred
• At least intermediate-level proficiency in Microsoft Office tools

Education:

• Bachelor’s degree/University degree or equivalent experience

This job description provides a high-level review of the types of work performed. Other job-related duties may be assigned as required.

------------------------------------------------------

Job Family Group:

------------------------------------------------------

Job Family:

------------------------------------------------------

Time Type:

------------------------------------------------------

Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law.

If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review Accessibility at Citi.

View Citi’s EEO Policy Statement and the Know Your Rights poster.